Shopify API access scopes
All apps need to request access to specific store data during the app authorization process. This guide provides a complete list of available access scopes for the Admin, Storefront, and Payment Apps APIs.
How it works
锚点链接to section titled "How it works"After you'vegenerated API credentials, your app needs tobe authorized to access store data.
Authorization is the process of giving permissions to apps. Users can authorize Shopify apps to access data in a store. For example, an app might be authorized to access orders and product data in a store.
An app can request authenticated or unauthenticated access scopes.
| Type of access scopes | Description | Example use cases |
|---|---|---|
| Authenticated | Controls access to resources in theREST Admin API,GraphQL Admin API, andPayments Apps API. Authenticated access is intended for interacting with a store on behalf of a user. |
|
| Unauthenticated | Controls an app's access toStorefront APIobjects. Unauthenticated access is intended for interacting with a store on behalf of a customer. |
|
| 客户 | Controls an app's access to客户Account APIobjects. 客户access is intended for interacting with data that belongs to a customer. |
|
Authenticated access scopes
锚点链接to section titled "Authenticated access scopes"Your app can request the following authenticated access scopes:
| Scope | Access |
|---|---|
read_all_orders |
All relevantordersrather than the default window of orders created within the last 60 daysPermissions required This OAuth scope is used in conjunction with existing order scopes, for example You need torequest permission for this access scopefrom your Partner Dashboard before adding it to your app. |
read_assigned_fulfillment_orders,
|
FulfillmentOrderresources assigned to a location managed by yourfulfillment service |
read_cart_transforms,
|
魔法geCart Transformobjects to sellbundles. |
read_checkouts,
|
Checkouts |
read_content,
|
Article,Blog,Comment,Page, andRedirect |
read_customer_merge,
|
客户MergePreviewand客户MergeRequest |
read_customers,
|
客户andSaved Search |
read_customer_payment_methods |
客户PaymentMethodPermissions required You need torequest permission for this access scopefrom your Partner Dashboard before adding it to your app. |
read_discounts,
|
GraphQL Admin APIDiscounts features |
read_draft_orders,
|
Draft Order |
read_files,
|
GraphQL Admin APIGenericFileobject andfileCreate,fileUpdate, andfileDeletemutations |
read_fulfillments,
|
Fulfillment Service |
read_gift_cards,
|
Gift CardSHOPIFY PLUS |
read_inventory,
|
Inventory LevelandInventory Item |
read_legal_policies |
GraphQL Admin APIShop Policy |
read_locales,
|
GraphQL Admin APIShop Locale |
read_locations |
Location |
read_metaobject_definitions,
|
MetaobjectDefinition |
read_metaobjects,
|
Metaobject |
read_marketing_events,
|
Marketing Event |
read_merchant_approval_signals |
MerchantApprovalSignals |
read_merchant_managed_fulfillment_orders,
|
FulfillmentOrderresources assigned to merchant-managed locations |
read_orders,
|
Abandoned checkouts,客户,Fulfillment,Order, andTransactionresources |
read_payment_mandate,
|
PaymentMandate |
read_payment_terms,
|
GraphQL Admin APIPaymentScheduleandPaymentTermsobjects |
read_price_rules,
|
Price Rules |
read_products,
|
Product,Product Variant,Product Image,Collect,Custom Collection, andSmart Collection |
read_product_listings |
Product ListingandCollection Listing |
read_publications,
|
Product publishingandCollection publishing |
read_purchase_options,
|
SellingPlan |
read_reports,
|
Reports |
read_resource_feedbacks,
|
ResourceFeedback |
read_script_tags,
|
Script Tag |
read_shipping,
|
Carrier Service,Country, andProvince |
read_shopify_payments_disputes |
Shopify PaymentsDisputeresource |
read_shopify_payments_payouts |
Shopify PaymentsPayout,Balance, andTransactionresources |
read_own_subscription_contracts,
|
SubscriptionContractPermissions required You need torequest permission for these access scopesfrom your Partner Dashboard before adding them to your app. |
read_returns,
|
Returnobject |
read_themes,
|
AssetandTheme |
read_translations,
|
GraphQL Admin APITranslatableobject |
read_third_party_fulfillment_orders,
|
FulfillmentOrderresources assigned to a location managed by anyfulfillment service |
read_users |
UserandStaffMemberSHOPIFY PLUS |
read_order_edits,
|
GraphQL Admin APIOrderStagedChangetypes andorder editingfeatures |
write_payment_gateways |
Payments Apps APIpaymentsAppConfigure |
write_payment_sessions |
Payments Apps APIPayment,Capture,RefundandVoid |
Requesting specific permissions
锚点链接to section titled "Requesting specific permissions"Follow the procedures below to request specific permissions to request access scopes in the Partner Dashboard.
Orders permissions
锚点链接to section titled "Orders permissions"By default, you have access to the last 60 days' worth of orders for a store. To access all the orders, you need to request access to theread_all_ordersscope from the user:
- From the Partner Dashboard, go toApps.
- Click the name of your app.
- ClickApp setup.
- In theOrderssection, on theRead all orderscard, clickRequest access.
- On theOrderspage that opens, describe your app and why you’re applying for access.
ClickRequest access.
If Shopify approves your request, then you can add the
read_all_ordersscope to your app along withread_ordersorwrite_orders.
Subscription APIs permissions
锚点链接to section titled "Subscription APIs permissions"Subscription apps let users sell subscription products that generate multiple orders on a specific billing frequency.
With subscription products, the app user isn't required to get customer approval for each subsequent order after the initial subscription purchase. As a result, your app needs to request the required protected access scopes to use Subscription APIs from the app user:
- From the Partner Dashboard, go toApps.
- Click the name of your app.
- ClickApp setup.
- In theSubscriptionssection, on theAccess Subscriptions APIscard, clickRequest access.
- On theSubscriptionspage that opens, describe why you’re applying for access.
- ClickRequest access.
If Shopify approves your request, then you can add theread_customer_payment_methodsandwrite_own_subscription_contractsscopes to your app.
Protected customer data permissions
锚点链接to section titled "Protected customer data permissions"By default, apps don't have access to any protected customer data. To access protected customer data, you must meet ourprotected customer data requirements. You can add the relevant scopes to your app, but the API won't return data from non-development stores until your app is configured and approved for protected customer data use.
Unauthenticated access scopes
锚点链接to section titled "Unauthenticated access scopes"Unauthenticated access scopes provide apps with read-only access to theStorefront API. Unauthenticated access is intended for interacting with a store on behalf of a customer. For example, an app might need to do one or more of following tasks:
- Read products and collections
- 创建客户和更新客户帐户
- Query international prices for products and orders
- Interact with a cart during a customer's session
- Initiate a checkout
Request scopes
锚点链接to section titled "Request scopes"To request unauthenticated access scopes for an app, select them when yougenerate API credentialsorchange granted access scopes.
To request access scopes or permissions for the Headless channel, refer tomanaging the Headless channel.
Your can request the following unauthenticated access scopes:
| Scope | Access |
|---|---|
unauthenticated_read_checkouts,
|
Checkoutobject |
unauthenticated_read_customers,
|
客户object |
unauthenticated_read_customer_tags |
tagsfield on the客户object |
unauthenticated_read_content |
Storefront content, such asArticle,Blog, andCommentobjects |
unauthenticated_read_metaobjects |
View metaobjects, such asMetaobject |
unauthenticated_read_product_listings |
ProductandCollectionobjects |
unauthenticated_read_product_tags |
tagsfield on theProductobject. |
unauthenticated_read_selling_plans |
Selling plan content on theProductobject. |
客户access scopes
锚点链接to section titled "Customer access scopes"客户access scopes provide apps with read and write access to the客户Account API. Customer access is intended for interacting with data that belongs to a customer. For example, an app might need to do one or more of following tasks:
- Read customers orders
- Update customer accounts
- Create and update customer addresses
- Read shop, customer or order metafields
Request scopes
锚点链接to section titled "Request scopes"To request access scopes or permissions for the Headless or Hydrogen channel, refer tomanaging permissions.
Your can request the following customer access scopes:
| Scope | Access |
|---|---|
customer_read_customers,
|
客户object |
customer_read_orders |
Orderobject |
customer_read_draft_orders |
Draft Orderobject |
customer_read_markets |
ob欧宝娱乐app下载地址object |
Checking granted access scopes
锚点链接to section titled "Checking granted access scopes"You can check your app’s granted access scopes using theGraphQL Admin APIorREST Admin API.
GraphQL
锚点链接to section titled "GraphQL"Limitations and considerations
锚点链接to section titled "Limitations and considerations"- Apps should request only the minimum amount of data that's necessary for an app to function when using a Shopify API. Shopify restricts access to scopes for apps that don't require legitimate use of the associated data.
- Onlypublic or custom appsare granted access scopes. Legacy app types, such as private or unpublished, won't be granted new access scopes.